package com.autumn.oauth2.zero.configure;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import com.autumn.security.core.authentication.UsernamePasswordAuthenticationProvider;

/**
 * 
 * 授权安全配置
 * 
 * @author 老码农 2018-04-14 20:16:26
 */
public class ZeroAuthenticationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

	@Autowired
	private UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		String[] matcherPaths = new String[] { "/oauth/token/**", "/swagger-resources/**" };
		http.authorizeRequests()
				.antMatchers(HttpMethod.GET, "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js",
						"/**/*.gif")
				.permitAll().antMatchers(HttpMethod.GET, matcherPaths).permitAll()
				.antMatchers(HttpMethod.POST, matcherPaths).permitAll().antMatchers(HttpMethod.DELETE, matcherPaths)
				.permitAll().antMatchers(HttpMethod.HEAD, matcherPaths).permitAll()
				.antMatchers(HttpMethod.OPTIONS, matcherPaths).permitAll().antMatchers(HttpMethod.PATCH, matcherPaths)
				.permitAll().antMatchers(HttpMethod.PUT, matcherPaths).permitAll()
				.antMatchers(HttpMethod.TRACE, matcherPaths).permitAll().anyRequest().authenticated().and().formLogin()
				./* loginPage("/login"). */permitAll().and().logout().permitAll().and().csrf().disable();
		
		//LoginUrlAuthenticationEntryPoint aa;
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {		
		auth.authenticationProvider(usernamePasswordAuthenticationProvider);
	}

	@Override
	@Bean
	public final AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}
}
